Gotham Security Daily Threat Alerts

November 20, Threatpost – (International) Attackers using compromised Web plug-ins in CryptoPHP blackhat SEO campaign. Researchers with Fox-IT identified a group of attackers using compromised WordPress themes and plugins to deliver a piece of malware dubbed CryptoPHP that engages in fraudulent search engine optimization (SEO) operations. The malware can also inject content into sites using the compromised plugins and themes, update itself, and perform other tasks. Source: http://threatpost.com/attackers-using-compromised-web-plug-ins-in-cryptophp-blackhat-seo-campaign/109505

November 20, Securityweek – (International) Developers fix XSS vulnerability in jQuery Validation Plugin script. The developers of the jQuery Validation Plugin issued a fix for a vulnerability present in the plugin’s demo code that could have allowed an attacker to engage in session hijacking using a reflected cross-site scripting (XSS) attack. The code appears to have been first reported in 2007. Source: http://www.securityweek.com/developers-fix-xss-vulnerability-jquery-validation-plugin-script

November 20, Threatpost – (International) Angler exploit kit adds new Flash exploit for CVE-2014-8440. A security researcher reported that the Angler exploit kit has been equipped with an exploit for the CVE-2014-8440 vulnerability in Adobe Flash that can be used to take control of target systems. The vulnerability was patched by Adobe November 11 but unpatched systems remain vulnerable. Source: http://threatpost.com/angler-exploit-kit-adds-new-flash-exploit-for-cve-2014-8440/109498

November 20, Threatpost – (International) Drupal patches denial of service vulnerability; details disclosed. Following Drupal's release of a patch November 19, the researchers who identified a denial of service (DoS) vulnerability in the Drupal content management system published details of the vulnerability, which could also expose user names. Source: http://threatpost.com/drupal-patches-denial-of-service-vulnerability-details-disclosed/109502

November 19, Network World – (International) FTC gets federal court to shut down $120M tech support scam. The Federal Trade Commission (FTC) announced November 19 that a federal court granted its request to temporarily shut down two telemarketing operations that allegedly defrauded consumers out of more than $120 million by convincing them to grant the marketers remote access and deceiving them into paying for services and products to solve nonexistent computer problems. The companies involved include PC Cleaner, Boost Software, and Inbound Call Experts, and the defendants are the targets of separate cases filed by the FTC and the State of Florida. Source: http://www.networkworld.com/article/2849636/security0/ftc-gets-federal-court-to-shut-down-120m-tech-support-scam.html

November 19, Softpedia – (International) Privilege escalation risk fixed in Android Lollipop, lower versions vulnerable. A researcher who identified and reported a flaw in the Android operating system that could allow an attacker to execute arbitrary code released a proof-of-concept for the vulnerability following the November 3 release of a patch that closes the vulnerability in Android Lollipop (also known as Android 5.0). The vulnerability is still present on previous Android versions. Source: http://news.softpedia.com/news/Privilege-Escalation-Risk-Fixed-in-Android-Lollipop-Lower-Versions-Vulnerable-465407.shtml

November 19, Threatpost – (International) Citadel variant targets password managers. Researchers with IBM Trusteer notified the makers of the nexus Personal Security Client, KeePass, and Password Safe password managers that a new variant of the Citadel malware is targeting the three services in an attempt to steal users’ logins and passwords. Source: http://threatpost.com/citadel-variant-targets-password-managers/109493